[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

USB_Registry_Activity on SCSP

Asked by MMKPN in Intrusion Detection Systems (IDS), Windows Network Security, Microsoft Operating Systems, Computer Hardware, Miscellaneous Security

Tags: Symantec CSP, HIDS

I am daily getting "USB_Registry_Activity" from HIDS for a device daily at same time, but no USB is connected to the server and no scheduled services are running at that time. can you tell me what could be the problem.
RULE_NAME="USB_Registry_Connect_Activity
PROCESS_NAME="services.exe"
DESCRIPTION="Watched Registry CREATE operation on \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\ROOT_HUB\4&7353027&0\LogConf" OTHERINFO=""
[+][-]10/14/09 03:59 AM, ID: 25569041Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/14/09 05:44 AM, ID: 25569795Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11/18/09 06:29 AM, ID: 25850026Administrative Comment

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 30-day free trial to view this Administrative Comment or ask the Experts your question.

 
[+][-]11/18/09 06:29 AM, ID: 25850030Administrative Comment

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 30-day free trial to view this Administrative Comment or ask the Experts your question.

 
[+][-]11/21/09 06:33 AM, ID: 25878083Administrative Comment

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 30-day free trial to view this Administrative Comment or ask the Experts your question.

 
[+][-]11/21/09 06:33 AM, ID: 25878085Administrative Comment

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 30-day free trial to view this Administrative Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-92 - Hierarchy / EE_QW_3_20080625